Catagorized Notes

Renamed notes to fit categories and be easier to find later: blog, config, howto
2023-04-28 10:31:11 -04:00
parent ccadd25693
commit 65c434952a
33 changed files with 89 additions and 211 deletions
--- a/tunneling.md
+++ b/tunneling.md
@@ -0,0 +1,82 @@
+# SSH Tunneling
+
+## Local Forwarding
+
+### Examples
+
+NOTE: these use autossh to prevent the tunnel from dying
+
+Plex
+
+```shell
+autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
+```
+
+ESXi
+
+```shell
+autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 chawley@aristotle.planethawleywood.com
+```
+
+Both ESXi and AWX
+
+```shell
+autossh -f -nNT -p3141 -N -L 8090:192.168.0.208:443 -L 8091:192.168.0.25:80 chawley@aristotle.planethawleywood.com
+```
+
+Both Plex and Derry OD
+
+```shell
+autossh -f -nNT -p3141 -N -L 8080:192.168.0.209:32400 -L 8070:192.168.0.209:80 chawley@aristotle.planethawleywood.com
+```
+
+---
+
+| Protocol | From                  | To          | via              | Notes                                                             |
+| -------- | --------------------- | ----------- | ---------------- | ----------------------------------------------------------------- |
+| SSH      | my office workstation | RRD Jumpbox | chawley2@ladmin2 | I have the jumpbox host configured in.ssh/config on both machines |
+
+```shell
+ssh -N -L 8090:54.184.92.50:22 chawley2@ladmin2
+```
+
+| Protocol | From                  | To          | via              | Notes                                                             |
+| -------- | --------------------- | ----------- | ---------------- | ----------------------------------------------------------------- |
+| SSH      | my office workstation | Plex (derry) | chawley@aristotle |  |
+
+```shell
+ssh -p3141 -N -L 8080:192.168.0.209:32400 chawley@aristotle.planethawleywood.com
+```
+
+## Remote Forwarding
+
+NOTE: By default, OpenSSH only allows connecting to remote forwarded ports from the server host. However, the GatewayPorts option in the server configuration file sshd_config can be used to control this. 
+
+The following alternatives are possible:
+
+```shell
+GatewayPorts no
+```
+
+This prevents connecting to forwarded ports from outside the server computer.
+
+```shell
+GatewayPorts yes
+```
+
+This allows anyone to connect to the forwarded ports. If the server is on the public Internet, anyone on the Internet can connect to the port.
+
+### Example
+
+| Protocol | From                  | To          | Notes |
+| -------- | --------------------- | ----------- | -------------- |
+| web      | derry | overlook | This allows you to access apache web pages on derry by visiting <code>http://overlook.planethawleywood.com:8888</code> as long as <code>GatewayPorts yes</code> is present in <code>/etc/ssh/sshd_config</code> (as explained above) and port 8888 is open on Overlook |
+
+```shell
+ssh -R 8888:localhost:80 root@overlook
+```
+
+## Reference
+
+* [How To Use SSH Tunneling](https://www.howtogeek.com/168145/how-to-use-ssh-tunneling/)
+* [SSH Port Forwarding Example](https://www.ssh.com/ssh/tunneling/example)